Security News

NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. During the session Gordeychik demonstrated how NVIDIA DGX GPU servers used in machine learning frameworks, data processing pipelines and applications such as medical imaging and face recognition powered CCTV - could be tampered with by an adversary.

NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. During the session Gordeychik demonstrated how NVIDIA DGX GPU servers used in machine learning frameworks, data processing pipelines and applications such as medical imaging and face recognition powered CCTV - could be tampered with by an adversary.

Patches released by NVIDIA last week for the GeForce Experience software address two arbitrary code execution bugs assessed with a severity rating of high. The GeForce Experience software is a companion application that is being installed alongside NVIDIA's GeForce drivers.

Nvidia, which makes gaming-friendly graphics processing units, has issued fixes for two high-severity flaws in the Windows version of its GeForce Experience software. GeForce Experience is a supplemental application to the GeForce GTX graphics card - it keeps users' drivers up-to-date, automatically optimizes their game settings and more.

NVIDIA released a security update for the Windows NVIDIA GeForce Experience app to address vulnerabilities that could enable attackers to execute arbitrary code, escalate privileges, gain access to sensitive info, or trigger a denial of service state on systems running unpatched software. The three vulnerabilities fixed in the October 2020 security update are detailed below, together with full descriptions and the CVSS V3 base score assigned by NVIDIA. CVE IDs Description Base Score CVE‑2020‑5977 NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Sequitur Labs announced it has officially joined the NVIDIA Partner Network with full support for the NVIDIA Jetson platform and protection of IP at the edge. Sequitur's EmSPARK Security Suite provides a robust security framework protecting embedded firmware, keys and security-critical assets through the entire device lifecycle.

Inspur unveiled its Cloud SmartNIC solution based on NVIDIA BlueField-2 data processing unit at GTC 2020. The Inspur Cloud SmartNIC solution deeply integrates the Inspur Server with NVIDIA DPU, enabling the combined capabilities of embedded processing, SmartNIC networking and high-performance PCIe 4.0 host interface, which can deliver hyper-performance network acceleration at a speed of up to 200Gb/s.

NVIDIA has released security updates for the NVIDIA GPU Display Driver and the NVIDIA Virtual GPU Manager that fix a variety of serious vulnerabilities. The driver security update should be implemented by users of the company's desktop, workstation and data center GPUs, while the vGPU software update is available for the Virtual GPU Manager component on Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, and Nutanix AHV enterprise virtualization solutions.

VMware and NVIDIA announced a broad partnership to deliver both an end-to-end enterprise platform for AI and a new architecture for data center, cloud and edge that uses NVIDIA DPUs to support existing and next-generation applications. Through this collaboration, the rich set of AI software available on the NVIDIA NGC hub will be integrated into VMware vSphere, VMware Cloud Foundation and VMware Tanzu.

NVIDIA this week released patches for a dozen vulnerabilities in GPU display drivers and vGPU software, including multiple issues that could lead to code execution. The most severe of the bugs affecting the GPU drivers include CVE‑2020‑5962, which was found in the NVIDIA GPU display driver, and CVE‑2020‑5963, which resides in the CUDA driver.